I Think My PC Has a Virus: What Your PC Tech Actually Does

Save a Bit of Money by Trying These Steps First Using Freeware Tools

Jon Torres
Is your Windows computer experiencing pop-ups, slowing down, acting strangely, or is just plain stuck? Chances are you have gotten infected by a virus. And chances are, you might not know how to get rid of the annoying behavior, and are looking to take the issue to a PC repair shop.

For this service, they could bill you hundreds in fees, almost totaling the cost of a new computer.
Here's a little secret: many shops will use tools that you can easily download-- for free-- and use yourself at home.

This article will list a few shop favorites and how I like to use them in sequence. This little routine fixes most problems without any major drama. Give yourself about two to three hours to perform all the steps.

Disclaimer:
The following is no guarantee that your particular virus infection will be eradicated. This is due to the fact that countless pieces of malware are being created every day, and can be overlooked even by the most expensive antivirus programs. Most infections are common enough and can be fixed by the following method. Some infections, however, can be so advanced that a re-install of Windows, or even a new hard drive, might be the necessary fix. What this article offers is a great place to start for fixing most cases of infections by trojans, worms, spyware, adware, etc. without added expense.

Phase One:
You will need to download:

1) Spybot Search and Destroy (by safer-networking, version 1.6.2 at the time of publishing this article)
2) ccleaner (by Piriform, version 2.18 last time I checked)
3) Ad-Aware (by Lavasoft, "Anniversary" edition released early this year)

Ideally, you should already have these burnt on CD, or saved on a separate USB drive. In many cases, downloading them through your already-infected computer might be either terribly slow or even impossible.
While you can download all these apps from download.com, the update for Spybot might not be directly available there. You may have to go to the corporate website to download the most recent detection update, which they usually name spybotsd_includes.exe. This will be especially useful if your particular computer is sluggish when on the internet, or cannot even get online.

Now insert your USB or CD, and install Spybot S&D. My own preference is to say "Yes" or "Next" to everything the installation procedure prompts for, with the following exceptions: (1) uncheck the "Use Teatimer" option when you see it; as useful as it is, it can bog down older, slower computers that have little memory. (2) uncheck "Download updates immediately" if you have trouble getting online; don't worry, because you will have already obtained the download, anyway.


Phase Two (The Main Part):

Do NOT run the Spybot program immediately after installing. Instead, restart the computer in Safe Mode. This is a mode of operating that runs Windows with the bare minimum number of background tasks and programs at startup (i.e., most viruses will not be running).

To Enter Safe Mode:

You can restart the computer via Start->Shutdown, and selecting "Restart" in the resulting window. OR you can simply press and hold down the power button on the computer case for five seconds to turn it off, then press it again to restart.

As soon as the computer begins to power up, begin tapping the F8 key repeatedly, about once or twice per second. You should reach a black screen with white letters showing a list of options, including "Safe Mode", "Last Known Good Configuration", "Start Windows Normally". Use the up and down arrow keys to navigate the list. I like to use "Safe Mode with Networking". When you get this option highlighted, press the Enter key.

If you miss the Safe Mode screen for some reason (phone rings, dog barking too loudly, neighbors drop by, etc.) simply restart the computer and try again.

You can now log in as usual. Just be forewarned that the graphics might appear blockier, and a bit off-color. This is normal in Safe Mode. You will also be warned that you are going into Safe Mode, and asked if this is okay. This is also normal.

Now run spybotsd_includes.exe first to update the program, then run Spybot Search and Destroy.
-There will be a window to the left asking for several options. Just keep clicking "Next" until the window disappears, or you can click "Start Using Program".
-Click on the button with the blue shield that says "Immunize". This enables built in protection settings in your browser, and should take under a minute.
-Click on "Search and Destroy", then in the resulting display on the main window, click "Check for problems". This will run a check on your system against known malware definitions. At the time of writing this, Spybot has just over 486,000 definitions in its latest download. Most older systems will take up to an hour to run through the definitions and attempt to find each one. Try not to run any other programs, because this will slow down the scan even more.
-In the middle of scanning, you might get a popup asking if you want to run Spybot at restart. ALWAYS SAY NO! This is NOT normal during a scan, and will halt your scan altogether.
-At the end of the scan, you will notice the "Fix Selected problems" button enabled. Click this button, and if prompted to confirm, click on "OK".
-You will receive a very short pop-up report listing how many infections were fixed, and how many were not. You may also be asked if it is okay to run Spybot upon restart. This is normal, and re-running is completely up to you-- just know that it will again take perhaps another hour right after startup, before anything on the desktop is even loaded (i.e., you can't play Solitaire or check your email while waiting).

Phase Three (Registry and Temp)

With the main cleaning part done, a registry/temp file cleaning should be in order. Piriform's ccleaner is a very small application that takes about a total of five minutes to install and run. This does not scan the entire computer-- just the temp files, plus a small, yet crucial part of Windows called the Registry, where viruses have been known to set up many of their evil deeds.

-Installing and using ccleaner is easy and straightforward: open the setup application, and simply keep clicking "Next" (or tap the enter key to look more techno-savvy to your neighbors) until Installation is finished.
-The application won't run automatically, but there will be a Ccleaner icon on the desktop and one in the Start menu. Choose one and double-click.
-In the resulting window, click the button in the lower-right corner reading, "Run Cleaner". Click OK when prompted.
-You will also get a mini-report showing how many temporary files were cleaned out.
-Click on the button on the left that says "Registry". Along the bottom will appear a button that says "Scan for Issues". Click that.
-You might be prompted to save the current registry. Again, it's up to you, but I have never needed to do that.
-There will also be a prompt asking to confirm that you want to fix ALL registry issues found. Choose "Yes".
-Exit the Ccleaner application.

Phase Four (Optional Steps):

You can also run Ad-Aware as an additional measure. Both the scan and the updating take longer than with Spybot, and updating is only possible by going online, as far as I can tell. Installation and running are very similar to Spybot; just make sure to download updates before running a scan. This will add another hour to your scanning time, but you get the reassurance that you are protected by more than one set of detection rules.

Also check if you have the most recent Service Pack for your version of Windows. At the time of writing, it stands at SP3 for Windows XP, and SP1 for Windows Vista. This adds built-in security measures in addition to other features for your operating system. Some popups actually disappear after a service pack update, due to better protection.

If your computer is running slow, it could be caused by running more than one antivirus program in the background. One antivirus running takes up a large amount of memory; two running simultaneously is worse than dead weight. Many times this is caused partly by an antivirus subscription that was initially included with the new computer, but has since expired. Such programs continue to run without being able to scan the computer properly with the latest updates. Some users have been known to purchase and install a great antivirus application without getting rid of the one already on their system. Then they are surprised to see their computer runs even slower than before!

Check the msconfig settings, mainly under the Start Tab. This shows which applications are automatically started as soon as you start up the computer. Many are legitimate programs; a handful could be viruses. Uncheck blank entries, as well as entries you do recognize but know you don't really need running in the background. You might not need QuickTime or Adobe Reader or MS Messenger sitting in memory as soon as you log into Windows. A bit of experience and online research can tell you which processes are suspicious, and which are legitimate.
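A read-only way to list the same auto-start entries for review, as an added example that is not part of the original article. It assumes a Windows version with PowerShell 3.0 or later and uses the standard Win32_StartupCommand WMI class; the function names and the review heuristics are hypothetical choices made for this example.

```powershell
# Added example: read-only listing of auto-start entries for manual review.
# Nothing is changed or disabled. The "Review" notes are triage heuristics
# (assumptions of this example), not proof that an entry is malicious.

function Get-CommandTarget {
    param([string]$Command)
    # Expand %SystemRoot%-style variables, then isolate the executable path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\path with spaces\app.exe" /args
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: C:\path\app.exe /args  or  C:\path\lib.dll,EntryPoint
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|dll|vbs|js))(\s|,|$)') {
        return $Matches[1]
    }
    return ($expanded -split '\s+')[0]
}

function Get-StartupReview {
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $target = Get-CommandTarget $_.Command
        $notes  = @()
        if ([string]::IsNullOrWhiteSpace($_.Name) -or
            [string]::IsNullOrWhiteSpace($_.Command)) {
            # The article's "blank entries"
            $notes += 'blank entry'
        }
        elseif ($target -match '^[A-Za-z]:\\' -and
                -not (Test-Path -LiteralPath $target)) {
            # Entry points at a program that is no longer on disk
            $notes += 'target file missing'
        }
        if ($target -match '\\Temp\\') { $notes += 'runs from a temp folder' }

        [pscustomobject]@{
            Name     = $_.Name
            Location = $_.Location   # registry Run key or Startup folder
            User     = $_.User
            Command  = $_.Command
            Review   = ($notes -join '; ')
        }
    }
}

# Entries with a review note sort to the top.
Get-StartupReview | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries with an empty Review column still deserve the same look-up the article describes; the notes only decide what to check first.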

It also doesn't hurt to speed up your computer with a defrag, especially if it's been a while. I've found that third-party tools like OO Defrag do a great job, but the one that Microsoft provides with your computer does a pretty decent job and saves you the trouble of locating, downloading and installing another.

In Conclusion
So there you have it: a basic but fairly solid antivirus routine as done in many computer repair shops. They may be proud and brag of a one- or two-day turnaround time, but if you can potentially do the same job in under three hours without even leaving your home, without the trouble of lugging everything to the store and back, and while saving over a hundred dollars in service fees, you have just earned a good amount of that pride yourself.

Published by Jon Torres

Former stay-at-home dad and PC Tech of various talents: calligraphy, healthy cooking, running, and raising my son. My writing is markedly humorous: I take my writing cues from Terry Pratchett and Dave Barry.
